git.ipfire.org Git - thirdparty/curl.git/commitdiff
HTTP-COOKIES.md: mention that http://localhost is a secure context
author Daniel Stenberg <daniel@haxx.se>
Thu, 17 Nov 2022 18:08:56 +0000 (19:08 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 17 Nov 2022 22:16:31 +0000 (23:16 +0100)
Reported-by: Trail of Bits
Closes #9938

docs/HTTP-COOKIES.md

index 939e9fab2ff96987f1e9da363ff435733000ce5c..bbcb175a798b2bb2cc1d69f2dcf1c68e5bc61ea2 100644 (file)
   RFC6265. Cookie prefixes and secure cookie modification protection has been
   implemented by curl.
 
+  curl considers `http://localhost` to be a *secure context*, meaning that it
+  will allow and use cookies marked with the `secure` keyword even when done
+  over plain HTTP for this host. curl does this to match how popular browsers
+  work with secure cookies.
+
 ## Cookies saved to disk
 
   Netscape once created a file format for storing cookies on disk so that they
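
Review bot: The scope of the exception is not stated in the paragraph added before `## Cookies saved to disk`: it names only `http://localhost` and does not say whether loopback addresses such as `127.0.0.1` or `[::1]`, or any other host names, are treated the same way. Please spell out exactly which hosts qualify, so readers can tell when a `secure` cookie may travel over plain HTTP. Two wording points in the same paragraph: "even when done over plain HTTP" has no clear subject ("even when the transfer uses plain HTTP" would read better), and "allow and use" could say explicitly whether it means both accepting such cookies from a response and sending them in a request.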